db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: [jira] Commented: (DERBY-2109) System privileges
Date Thu, 14 Dec 2006 22:50:12 GMT
David Van Couvering wrote:
> Rick Hillegas (JIRA) wrote:
>> 2) Unfamiliar api. Oracle, DB2, Postgres, and MySQL all handle system 
>> privileges in different ways. Picking one of these models would still 
>> result in an api that's unfamiliar to many people. That said, these 
>> databases do tend to use GRANT/REVOKE for system privileges, albeit 
>> each in its own peculiar fashion. I agree that GRANT/REVOKE is an 
>> easier model to learn than Java Security. I think however, that the 
>> complexity of Java Security is borne by the derby-dev developer, not 
>> by the customer. Creating a policy file is very easy and our user 
>> documentation gives simple examples which the naive user can just 
>> crib. With adequate user documentation, I think this approach would 
>> be straightforward for the customer.
> I must respectfully disagree that "creating a policy file is very 
> easy."  I think it's a royal PITA - the syntax is complex, 
> nonintuitive and unforgiving.
> Can we provide a GRANT/REVOKE interface on top of an implementation 
> that  uses JAAS?
Hi David,

Can you describe what you have in mind in greater detail? In our earlier 
discussions, we wanted to avoid using GRANT/REVOKE to manage system 
privileges. This is because this solution seemed to imply creating a 
master database in which to store the system-wide privileges. Are you 

1) That we use GRANT/REVOKE to edit the policy file and provide some 
VTIs for inspecting it?

2) That we provide a master database and GRANT/REVOKE in addition to the 
JAAS solution?

3) Something else?


View raw message